Prevalence of Enterprise Cyberattacks Underscores the Need for Absolute Data Destruction

Global threats to cybersecurity have been steadily rising over the last few years, so much so that cyberattack maps can now be easily found online. According to 2021 statistics, there is a new attack somewhere on the web every 39 seconds. The magnitude of the trend became glaringly apparent last year when Colonial Pipeline, one of the United States’ largest petroleum pipelines, was forced to proactively shut down due to a cyberattack. A few days later, the FBI confirmed that DarkSide, a well-known group of Russian cybercriminals, was responsible for the ransomware attack.

The profound personal and economic impact of this attack quickly caught the public’s attention. In less than a day, Americans became painfully aware of something most IT professionals have known for years—enterprise computer systems are extremely vulnerable and data and network security measures need to be a top priority for all organizations, especially those responsible for vital services and infrastructure.

What is a cyberattack and what are the consequences of a data breach?

In the past, data breaches and other types of cyberattacks amounted to little more than stolen identities and hacked Facebook accounts. Now, however, cybercrime has become big business. Even a small amount of leaked data in the wrong hands can lead to a widespread interruption of essential public services, multimillion-dollar ransom demands, and even violent attacks on people or property.

There are many types of cyberattacks, but when most people hear the word, they usually envision shady hackers in dark rooms, hunched over their keyboard and surrounded by an assortment of monitors showing cryptic lines of code and cliché “Access Denied” messages. The reality is often significantly less theatrical. While much of the attack may be performed from behind a keyboard, the breach that initially opened the door to hackers was probably something as common as easily guessed login credentials, a password jotted on a sticky note, or obsolete data left on a long-forgotten hard drive.

How do cyberattacks occur and how can the risk be mitigated?

In most instances, there is very little a business can do after a cyberattack to lessen the damage, so the key to managing costs is to prevent attacks it in the first place.

Leaked credentials and poor password hygiene have long been the bane of existence for IT security professionals, but data breaches due to the improper erasure or destruction of data storage devices is a relatively new problem. With the advent of faster, cheaper solid state drives (SSDs) and improved cloud storage, the replacement of hard drives and other legacy storage systems is common. Unfortunately, many IT professionals quickly discover that every computer or server upgrade generates one or more obsolete drives packed with potentially sensitive data.

When old systems are taken out of service, it’s standard practice to just erase or reformat the drives, store them in a locked closet, and simply forget about them. But as more end-of-life systems are upgraded or replaced, the number of accumulated devices grows to the point where keeping them becomes impractical. This is when most IT professionals who are aware of enterprise e-destruction consider seeking out the services of an electronics recycler. By this point, however, security is often less of a concern. It’s assumed that any residual data on these seemingly empty drives would be unreadable or obsolete, so little consideration is given to destroying it with absolute certainty. Instead, the focus is on merely disposing of the hardware when it should be on disposal of data.

Unfortunately, deleting files or reformatting a drive doesn’t always remove all traces of the data. To make matters worse, a fair number of early data storage formats are still in use today, and older encryption methods are easily cracked. Retrieving potentially sensitive information from these legacy devices is easier than many believe. To guarantee absolute data destruction, hard drives (HDDs) and backup tapes need to be magnetically wiped (degaussed) or mechanically shredded. In the case of solid state drives (SSDs) and thumb drives, the only way to ensure complete data destruction is to shred the drive.

Few e-recyclers guarantee absolute data destruction!

Many people assume degaussing or destroying a device is standard practice for all e-recyclers, but that’s not the case. The majority of e-recycling providers give little or no consideration to data destruction. Those who do rarely provide paperwork to clients that explains what happens to their data, assumes liability for any breaches, and puts them at ease that their data security is properly handled. In worst-case scenarios, unethical cyber-recycling companies merely package up collected e-waste and ship it elsewhere, typically overseas, for final disposition – a practice that is often illegal or, at the very least, considered immoral as well as hazardous to the people of developing nations.

At Sadoff E-Recycling and Data Destruction, we offer a choice of two levels of absolute data destruction and confirmation. Trusting us to handle the disposal of your data storage devices means you won’t have to worry about your vital electronic information falling into the wrong hands.

To learn how we can help your organization permanently destroy sensitive, obsolete data, contact us today.

This blog was originally published on 6/30/2021 and updated and republished on 2/10/2022

Categorized in: Data Security, Electronics Recycling, IT Equipment